Privacy Policy
Last updated: 2026-04-10 | Effective date: 2026-04-10
1. Who We Are
CollegeRoster ("we," "us," "our") is a recruiting platform for student athletes, parents/guardians, and verified college coaches. Our website is located at collegeroster.org (the "Platform").
CollegeRoster is operated by Phareon LLC, a Delaware limited liability company. Address: 1209 Orange Street, Wilmington, DE 19801. Phone: [pending]. Email: privacy@collegeroster.org
For privacy inquiries, contact us at: privacy@collegeroster.org
2. Who This Policy Covers
- Athletes -- student athletes who create profiles on the Platform
- Parents/Guardians -- adults who co-manage a minor athlete's account
- Coaches -- verified college coaches with read-only access
- Recruiters -- verified recruiting professionals with paid subscriptions
- Visitors -- anyone who browses the Platform without an account
3. Age Requirements and Children's Privacy (COPPA)
CollegeRoster takes the privacy of minors seriously.
Under 13: We do not knowingly collect personal information from children under 13. Users under 13 are blocked from creating accounts. If we discover that we have collected data from a child under 13 without proper parental consent, we will delete it immediately.
Ages 13-17: A parent or guardian must complete a verifiable parental consent (VPC) process before the minor athlete can access platform features beyond profile creation. Parental consent is verified through a credit card micro-charge ($0.50, refunded within 48 hours). Additional verification methods (signed consent form upload, phone verification) may be offered in the future and will be listed here when available.
The parent/guardian has co-equal rights to access, modify, and delete the minor's account and all associated data at any time.
Ages 18+: Standard consent applies.
COPPA Direct Notice to Parents
Before collecting personal information from a child aged 13-17, we provide the parent/guardian with a direct notice (via the consent invitation email) that includes:
- The types of personal information we collect from the child (see Section 4)
- How we use the information (see Section 5)
- Our disclosure practices and third-party processors (see Section 6)
- That the parent/guardian can review, modify, or delete the child's information at any time by signing into their co-management account or contacting privacy@collegeroster.org
- That the parent/guardian can revoke consent at any time, which will disable the child's account
To report a concern about children's privacy, contact privacy@collegeroster.org.
4. What We Collect
4a. Information You Provide
- Account info: Name, email address, date of birth, school, graduation year
- Athlete profile: Sport(s), position(s), height/weight, GPA, academic records (if uploaded), awards, stats
- Academic documents: Transcripts and test scores (uploaded voluntarily; athlete/parent controls visibility)
- Media: Photos, highlight videos, and other uploaded files
- Payment info: Billing details processed securely by our payment processor (we do not store card numbers)
- Communications: Coach outreach drafts, messages, and outreach tracking data
4b. Information We Collect Automatically
- Usage data: pages visited, features used, session duration
- Device info: browser type, operating system, IP address
- Cookies: authentication tokens, session cookies (see Cookie Policy)
4c. Information Collected During Parental Consent Verification
During the parental consent verification process, we collect and store the parent/guardian's IP address, browser user agent string, and a device fingerprint. This information is used solely to: (1) verify that the consenting adult is a different person than the minor athlete (same-device detection), and (2) maintain an auditable consent record as required by COPPA. This data is not used for marketing, analytics, or any other purpose.
5. How We Use Your Information
We use your data to:
- Create and manage your account
- Display your athlete profile to verified coaches (only if you choose to publish)
- Power the stats aggregator, media studio, and coach communication tools
- Send transactional emails (verification, receipts, alerts)
- Process payments via our payment processor
- Generate AI-assisted content (email drafts, captions) using anonymized data
- Moderate uploaded content for compliance with our Code of Conduct and applicable law
- Improve and secure the Platform
We do not sell your personal data, share your data with coaches beyond what you publish, or use your academic records for any purpose other than displaying them as you configure.
6. Third-Party Data Sharing
| Recipient | What We Share | Why |
|---|---|---|
| Verified coaches | Published profile fields only | Core platform function |
| Database & authentication provider | All account data, profile data, academic records, authentication tokens, audit logs | Database hosting, authentication, serverless functions |
| Payment processor | Payment and billing info | Payment processing |
| File storage provider | Uploaded files | File storage |
| Application hosting provider | Request metadata (IP addresses, headers) | Application hosting |
| Video processing provider | Video files | Video transcoding, CDN delivery, and playback |
| Email delivery provider | Email address | Transactional email |
| AI service provider | Anonymized profile data (names removed) | AI email drafting, captions (zero-data-retention enabled) |
We require all third-party processors to maintain appropriate data security standards. We do not sell data to data brokers, advertisers, or analytics companies.
AI disclosure: We use third-party artificial intelligence services with zero-data-retention agreements to generate AI-assisted content such as email drafts and captions. Athlete data sent to these services is anonymized (names and identifying information removed) before transmission.
Content moderation: When automated content safety classification is enabled (e.g., cloud-based image safety API), uploaded media may be sent to the classification provider for analysis. We will update this table to list the specific provider before enabling automated classification. Until then, all content moderation is performed through human review.
7. Academic Records and FERPA
Academic transcripts and records you upload to CollegeRoster are uploaded voluntarily by you or your parent/guardian. CollegeRoster does not obtain records directly from schools or educational institutions. CollegeRoster is not an educational institution and is not a FERPA-covered entity. Uploading records to CollegeRoster does not create a FERPA-covered relationship.
Once uploaded, your academic records are governed by this Privacy Policy, not FERPA. We store and display them solely as directed by you and your parent/guardian. We do not share academic records with coaches or any third party unless your explicit consent toggle is enabled. Parents/guardians can delete uploaded academic records at any time.
CollegeRoster will not accept records directly from educational institutions without first executing a separate FERPA-compliant agreement.
8. Your Data Rights
- Access -- request a copy of all data we hold about you
- Correction -- request corrections to inaccurate data
- Deletion -- request full deletion of your account and all associated data
- Export -- request a portable export of your data
- Opt-out of AI -- request that your data not be used in AI-powered features
To exercise any right, email privacy@collegeroster.org. We will acknowledge your request within 10 business days and fulfill it within 45 days. If we need additional time (up to 90 days total), we will notify you with the reason for the extension.
8a. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Categories of Personal Information We Collect
| CCPA Category | Examples | Source | Purpose |
|---|---|---|---|
| Identifiers | Name, email, IP address | You; automatic | Account management, communication |
| Commercial information | Subscription tier, payment history | You; payment processor | Payment processing, feature access |
| Internet activity | Pages visited, features used, session duration | Automatic | Platform improvement, security |
| Education information | GPA, transcripts, test scores | You | Profile display (as you configure) |
| Biometric-adjacent | Height, weight | You | Athletic profile |
| Audio/visual | Photos, highlight videos | You | Profile display, content moderation |
| Sensitive PI (minors under 16) | Data of children aged 13-17 | You; parent/guardian | Core platform function (with parental consent) |
Your California Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information (subject to legal exceptions).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
- Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to what is necessary to provide the Platform.
- Non-Discrimination: We will not discriminate against you for exercising any of these rights. You will not receive different pricing, quality, or service levels.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly with us. Email authorized agent requests to privacy@collegeroster.org.
Financial Incentives
We do not offer financial incentives for the collection or sale of personal information.
9. Cookies
We use cookies for authentication (session) and security. We do not use advertising cookies or cross-site tracking. See our Cookie Policy for details.
10. Data Retention
When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., payment records for tax compliance).
11. Data Security
We implement encryption in transit (TLS 1.2+), encryption at rest for stored files, OAuth token encryption (AES-256-GCM), role-based access controls, Row Level Security on all database tables, content moderation on uploaded media, and regular security reviews.
12. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users without unreasonable delay (and within 72 hours where required by applicable law). We will also notify applicable state attorneys general as required by law. For minor accounts, we will notify the parent/guardian directly.
13. Changes to This Policy
We will notify you of material changes via email and by posting an updated policy with a new "Last updated" date. Continued use after changes constitutes acceptance. For changes affecting minors' data practices, we will obtain new parental consent where required by COPPA.
14. Contact
- Privacy: privacy@collegeroster.org
- Security: security@collegeroster.org